CC7 · System Operations
5 controls in this family.
SOC2-CC7-VULN-MGMT
Vulnerability Management Program
Continuous scanning of production infrastructure and applications for known vulnerabilities, with SLA-based remediation.
Testing: Weekly

SOC2-CC7-PENTEST
Annual Penetration Testing
Annual external penetration test of production infrastructure and applications by an independent third party.
Testing: Annually

SOC2-CC7-SIEM
Security Monitoring and SIEM
Centralized log aggregation and automated alerting for security-relevant events across production systems.
Testing: Daily

SOC2-CC7-INCIDENT-RESPONSE
Security Incident Response Plan
Documented and tested plan for detecting, containing, eradicating, and recovering from security incidents.
Testing: Semi-annually

SOC2-CC7-POST-INCIDENT-REVIEW
Post-Incident Review Process
Blameless post-mortems after security incidents to identify root causes, contributing factors, and preventive actions.
Testing: Per incident